
1. The possession of information is the quality or state of having value for some purpose or end.

2. The physical design is the blueprint for the desired solution.

3. An e-mail virus involves sending an e-mail message with a modified field.

4. When a computer is the subject of an attack, it is the entity being attacked.

5. To achieve balance — that is, to operate an information system that satisfies the user and the security professional — the security level must allow reasonable access, yet protect against threats.

6. The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).

7. Many states have implemented legislation making certain computer-related activities illegal.

8. Information security can be an absolute.

9. Hardware is often the most valuable asset possessed by an organization and it is the main target of intentional attacks.

10. The value of information comes from the characteristics it possesses.

11. Using a methodology increases the probability of success.

12. A data custodian works directly with data owners and is responsible for the storage, maintenance, and protection of the information.

13. Applications systems developed within the framework of the traditional SDLC are designed to anticipate a software attack that requires some degree of application reconstruction.

14. The roles of information security professionals are almost always aligned with the goals and mission of the information security community of interest.

15. The bottom-up approach to information security has a higher probability of success than the top-down approach.

16. The investigation phase of the SecSDLC begins with a directive from upper management.

17. A breach of possession always results in a breach of confidentiality.

18. A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.

19. Network security focuses on the protection of the details of a particular operation or series of activities.

20. During the early years of computing, the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.

21. Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords.

22. When electronic information is stolen, the crime is readily apparent.

23. An act of theft performed by a hacker falls into the category of “theft,” but is also often accompanied by defacement actions to delay discovery and thus may also be placed within the category of “forces of nature.”

24. Information security safeguards the technology assets in use at the organization.

25. A worm requires that another program is running before it can begin functioning.

26. With the removal of copyright protection mechanisms, software can be easily distributed and installed.

27. Information security’s primary mission is to ensure that systems and their contents retain their confidentiality at any cost.

28. DoS attacks cannot be launched against routers.

29. A number of technical mechanisms—digital watermarks and embedded code, copyright codes, and even the intentional placement of bad sectors on software media—have been used to deter or prevent the theft of software intellectual property.

30. Compared to Web site defacement, vandalism within a network is less malicious in intent and more public.

31. Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people’s information systems.

32. Forces of nature, force majeure, or acts of God can present some of the most dangerous threats, because they usually occur with very little warning and are beyond the control of people.

33. A worm may be able to deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.

34. Two watchdog organizations that investigate allegations of software abuse are SIIA and NSA.

35. A mail bomb is a form of DoS attack.

36. A sniffer program can reveal data transmitted on a network segment including passwords, the embedded and attached files—such as word-processing documents—and sensitive data transmitted to or from applications.

37. Attacks conducted by scripts are usually unpredictable.

38. Much human error or failure can be prevented with effective training and ongoing awareness activities.

39. As an organization grows it must often use more robust technology to replace the security technologies it may have outgrown.

40. An advance-fee fraud attack involves the interception of cryptographic elements to determine keys and encryption algorithms.

Multiple Choice

Identify the choice that best completes the statement or answers the question.

41. A methodology for the design and implementation of an information system that is a formal development strategy is referred to as a __________.
a. systems design
b. development life project
c. systems development life cycle
d. systems schema

42. Which of the following phases is often considered the longest and most expensive phase of the systems development life cycle?
a. investigation
b. logical design
c. implementation
d. maintenance and change

43. During the __________ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases.
a. investigation
b. implementation
c. analysis
d. physical design

44. An information system is the entire set of __________, people, procedures, and networks that make possible the use of information resources in the organization.
a. software
b. hardware
c. data
d. All of the above

45. The famous study entitled “Protection Analysis: Final Report” focused on a project undertaken by ARPA to understand and detect __________ in operating systems security.
a. Bugs
b. Vulnerabilities
c. Malware
d. Maintenance hooks

46. A type of SDLC where each phase has results that flow into the next phase is called the __________ model.
a. pitfall
b. SA&D
c. waterfall
d. Method 7

47. The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
a. ISO
b. CIO
c. CISO
d. CTO

48. __________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
a. Physical
b. Personal
c. Object
d. Standard

49. Organizations are moving toward more __________-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
a. security
b. reliability
c. accessibility
d. availability

50. A variation of the SDLC that can be used to implement information security solutions in an organization with little or no formal security in place is the __________.
a. SecDSLC
b. SecSDLC
c. LCSecD
d. CLSecD

51. __________ has become a widely accepted evaluation standard for training and education related to the security of information systems.
a. NIST SP 800-12
b. NSTISSI No. 4011
c. IEEE 802.11(g)
d. ISO 17788

52. A computer is the __________ of an attack when it is used to conduct an attack against another computer.
a. subject
b. object
c. target
d. facilitator

53. Which of the following is a valid type of role when it comes to data ownership?
a. Data owners
b. Data custodians
c. Data users
d. All of the above

54. In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single number called the __________ value.
a. result
b. smashing
c. hash
d. code

55. __________ was the first operating system to integrate security as its core functions.
a. UNIX
b. DOS
c. MULTICS
d. ARPANET

56. __________ of information is the quality or state of being genuine or original.
a. Authenticity
b. Spoofing
c. Confidentiality
d. Authorization

57. A server would experience a __________ attack when a hacker compromises it to acquire information from it from a remote location using a network connection.
a. indirect
b. direct
c. software
d. hardware

58. People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role.
a. Security policy developers
b. Security professionals
c. System administrators
d. End users

59. Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what immediate steps are taken when an attack occurs.
a. Continuity planning
b. Incident response
c. Disaster recovery
d. Security response

60. __________ is a network project that preceded the Internet.
a. NIST
b. ARPANET
c. FIPS
d. DES

61. The ____________________ data file contains the hashed representation of the user’s password.
a. SLA
b. SNMP
c. FBI
d. SAM

62. ____________________ are malware programs that hide their true nature, and reveal their designed behavior only when activated.
a. Viruses
b. Worms
c. Spam
d. Trojan horses

63. ____________________ are compromised systems that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
a. Drones
b. Helpers
c. Zombies
d. Servants

64. In a ____________________ attack, the attacker sends a large number of connection or information requests to disrupt a target from a small number of sources.
a. denial-of-service
b. distributed denial-of-service
c. virus
d. spam

65. Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
a. bypass
b. theft
c. trespass
d. security

66. “4-1-9” fraud is an example of a ____________________ attack.
a. social engineering
b. virus
c. worm
d. spam

67. A ____________________ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
a. denial-of-service
b. distributed denial-of-service
c. virus
d. spam

68. Which of the following functions does information security perform for an organization?
a. Protecting the organization’s ability to function.
b. Enabling the safe operation of applications implemented on the organization’s IT systems.
c. Protecting the data the organization collects and uses.
d. All of the above.

69. In the ____________________ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
a. zombie-in-the-middle
b. sniff-in-the-middle
c. server-in-the-middle
d. man-in-the-middle

70. As frustrating as viruses and worms are, perhaps more time and money is spent on resolving virus ____________________.
a. false alarms
b. hoaxes
c. polymorphisms
d. urban legends

71. Hackers can be generalized into two skill groups: expert and ____________________.
a. novice
b. journeyman
c. packet monkey
d. professional

72. A short-term interruption in electrical power availability is known as a ____.
a. fault
b. blackout
c. brownout
d. lag

73. ____ is any technology that aids in gathering information about a person or organization without their knowledge.
a. A bot
b. Spyware
c. Trojan
d. Worm

74. Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____________________ characters in Internet Explorer 4.0, the browser will crash.
a. 64
b. 128
c. 256
d. 512

75. One form of online vandalism is ____________________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
a. hacktivist
b. phreak
c. hackcyber
d. cyberhack

76. Human error or failure often can be prevented with training, ongoing awareness activities, and ____________________.
a. threats
b. education
c. hugs
d. paperwork

77. Which of the following is an example of a Trojan horse program?
a. Netsky
b. MyDoom
c. Klez
d. Happy99.exe

78. The ____________________ hijacking attack uses IP spoofing to enable an attacker to impersonate another entity on the network.
a. WWW
b. TCP
c. FTP
d. HTTP

79. ____________________ is the premeditated, politically motivated attacks against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents.
a. infoterrorism
b. cyberterrorism
c. hacking
d. cracking

80. Web hosting services are usually arranged with an agreement defining minimum service levels known as a(n) ____.